If you're running the latest SMAC and no conflicting plugins, then any excuse which doesn't include "I loaded up a multihack/cheat" is almost certainly a lie. I'm leaving open the possibility of a false positive, but the circumstances leading to a false positive would have to be insanely unlikely. I cannot think of any situation that would lead to a false positive.

The cmdnums 189, 235, 1928, and 2087 produce the exact same seed. Cheats prefer this seed over the other ones because it's approximately dead center from the crosshair.

Cheats also abuse cmdnums in a manner more subtle, such as selecting seeds whose spread is in the general direction of the target, or by slightly reducing randomness and selecting seeds closer to the crosshair.

In many cases, this kind of tampering can be very subtle and hard to detect visually.

If you're running the latest SMAC and no conflicting plugins, then any excuse which doesn't include "I loaded up a multihack/cheat" is almost certainly a lie. I'm leaving open the possibility of a false positive, but the circumstances leading to a false positive would have to be insanely unlikely. I cannot think of any situation that would lead to a false positive.

The cmdnums 189, 235, 1928, and 2087 produce the exact same seed. Cheats prefer this seed over the other ones because it's approximately dead center from the crosshair.

Cheats also abuse cmdnums in a manner more subtle, such as selecting seeds whose spread is in the general direction of the target, or by slightly reducing randomness and selecting seeds closer to the crosshair.

In many cases, this kind of tampering can be very subtle and hard to detect visually.

Yesterday i played on our CSGO server and everything was fine.
Today i played on our server the round started and (before i moved or did anything)
i got this message in chat (btw. i'm the admin of this server).

The player has played on the server for a long time, but I only recently (about a week ago) installed the eye smac_eyetest.smx module on the server. I have seen the suspect play on the server a few times since the module was installed and it didn't give any warnings until today.

I changed the smac_eyetest_compat setting to 1 after the warnings came up as the server does run a fair number of plugins.

Should I wait to see if it catches it again after the compatibility was set or is this likely a legit detection?